High severityNVD Advisory· Published Jul 31, 2024· Updated Aug 2, 2024
CVE-2024-40465
CVE-2024-40465
Description
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/beego/beego/v2Go | < 2.2.1 | 2.2.1 |
Affected products
28- osv-coords27 versionspkg:apk/chainguard/harbor-2.10pkg:apk/chainguard/harbor-2.10-jobservicepkg:apk/chainguard/harbor-2.10-portalpkg:apk/chainguard/harbor-2.10-portal-nginx-configpkg:apk/chainguard/harbor-2.10-registryctlpkg:apk/chainguard/harbor-2.11pkg:apk/chainguard/harbor-2.11-exporterpkg:apk/chainguard/harbor-2.11-jobservicepkg:apk/chainguard/harbor-2.11-photon-registrypkg:apk/chainguard/harbor-2.11-portalpkg:apk/chainguard/harbor-2.11-portal-nginx-configpkg:apk/chainguard/harbor-2.11-redis-compatpkg:apk/chainguard/harbor-2.11-registryctlpkg:apk/chainguard/harbor-fips-2.11pkg:apk/chainguard/harbor-fips-2.11-dbpkg:apk/chainguard/harbor-fips-2.11-exporterpkg:apk/chainguard/harbor-fips-2.11-jobservicepkg:apk/chainguard/harbor-fips-2.11-photon-registrypkg:apk/chainguard/harbor-fips-2.11-portalpkg:apk/chainguard/harbor-fips-2.11-redis-compatpkg:apk/chainguard/harbor-fips-2.11-registryctlpkg:apk/wolfi/harbor-2.11pkg:apk/wolfi/harbor-2.11-jobservicepkg:apk/wolfi/harbor-2.11-portalpkg:apk/wolfi/harbor-2.11-portal-nginx-configpkg:apk/wolfi/harbor-2.11-registryctlpkg:golang/github.com/beego/beego/v2
< 2.10.3-r1+ 26 more
- (no CPE)range: < 2.10.3-r1
- (no CPE)range: < 2.10.3-r1
- (no CPE)range: < 2.10.3-r1
- (no CPE)range: < 2.10.3-r1
- (no CPE)range: < 2.10.3-r1
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r22
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.11.2-r28
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.2.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-wr3p-r5fj-wf97ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-40465ghsaADVISORY
- gist.github.com/nyxfqq/a5a2fc5147a1b34538e1ac05a3e56910ghsaWEB
- github.com/beego/beego/commit/5a366cd62b555354a917a2d153e6563fe4d6eb88ghsaWEB
- github.com/beego/beego/commit/8f89e12e6cafb106d5c201dbc3b2a338bfde74e2ghsaWEB
- github.com/beego/beego/security/advisories/GHSA-6g9p-wv47-4fxqghsaWEB
News mentions
0No linked articles in our index yet.